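{#
  Renders interfaces(5)-style stanzas (vrf-table and address-virtual are
  ifupdown2 extensions) for the VLAN sub-interfaces of the bridge: one VRF per
  "inside" VLAN, then one <bridge>.<vid> interface per VLAN tagged on the
  bridge, addressed from the NetBox prefixes assigned to that VLAN.

  Read from the template context: interfaces, vlans, inventory_hostname and,
  optionally, peer.

  Note that there must be exactly one VLAN-aware bridge. Nothing here checks
  that: with several bridges `first` silently picks the first match and the
  others are ignored.
#}
{#
  selectattr and map are lazy in plain Jinja2. Each result below is used more
  than once (membership test per VLAN, two loops over bridge_vlans, loop plus
  truth test on prefixes), so it is materialized with `list` instead of
  relying on the templating environment to unroll iterators.
#}
{% set bridge = interfaces | selectattr('type') | selectattr('type.value', '==', 'bridge') | first %}
{% set bridge_vlans = vlans | selectattr('vid', 'in', bridge.tagged_vlans | map(attribute='vid') | list) | list -%}

# A separate VRF for each inside network so we can firewall between them.
{#
  NOTE(review): the interface loop below places every VLAN whose role is not
  'outside' into a VRF named after the VLAN, but a VRF is declared here only
  for role 'inside'. A VLAN with any other role would reference a VRF this
  template never creates; confirm roles are limited to inside/outside. The
  'outside' VRF is not declared here either, presumably it is defined elsewhere.
#}
{% for vlan in bridge_vlans | selectattr('role.slug', '==', 'inside') %}
auto {{ vlan.name }}
iface {{ vlan.name }}
    vrf-table auto

{% endfor %}
# Interfaces.
{% for vlan in bridge_vlans %}
{# Prefixes NetBox has assigned to this VLAN, as CIDR strings. #}
{% set prefixes = query('netbox.netbox.nb_lookup', 'prefixes', api_filter='vlan_id='~vlan.id, raw_data=true) | map(attribute='prefix') | list %}
auto {{ bridge.name }}.{{ vlan.vid }}
iface {{ bridge.name }}.{{ vlan.vid }}
{# The `+` keeps the newline after endif so that mtu starts on its own line. #}
    vrf {% if vlan.role.slug == 'outside' %}outside{% else %}{{ vlan.name }}{% endif +%}
    mtu 9216
{% if peer is defined %}
{#
  Redundant pair: each host takes host number 1 + index in every prefix and
  both share host number 1 as the virtual address. The index is the second
  '-'-separated field of inventory_hostname.
  NOTE(review): `int` yields 0 for a non-numeric field, which would make the
  host address equal to the shared virtual address; confirm that hostnames
  always carry a distinct, non-zero index.
#}
{% set my_index = inventory_hostname.split('-')[1]|int %}
{% for prefix in prefixes %}
    address {{ prefix | ipaddr(1 + my_index) }}
{% endfor %}
{% if prefixes %}
{# 00:00:5e:00:01:01 is the VRRP IPv4 virtual MAC for VRID 1, used for every VLAN. #}
    address-virtual 00:00:5e:00:01:01 {{ prefixes | ipaddr(1) | join(' ') }}
{% endif %}
{% else %}
{#
  Standalone host: the prefix is written exactly as NetBox returns it.
  NOTE(review): if that is the network form (constructed example:
  192.0.2.0/24), the interface gets the network address rather than a host
  address such as host number 1 used in the peer case; confirm this is intended.
#}
{% for prefix in prefixes %}
    address {{ prefix }}
{% endfor %}
{% endif %}

{% endfor %}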